Hael
Sign inRequest a demo
ISO/IEC 42001 · Buyer intent

Who is ISO/IEC 42001 certified?

Updated 12 July 2026 · 6 min read
Key takeaway
As of July 2026, publicly verified ISO/IEC 42001-certified organisations include Anthropic, Amazon Web Services, Snowflake, Salesforce, ServiceNow, CrowdStrike and Harvey. Every name here has published or been publicly attested through their trust centre or certification-body listing; unverifiable claims have been dropped. The commercial consequence of this list is that the certificate is no longer optional signalling — when the largest AI providers hold it, enterprise procurement teams treat its absence in smaller vendors as an anomaly to explain.
  • Publicly verified as of July 2026: Anthropic, AWS, Snowflake, Salesforce, ServiceNow, CrowdStrike, Harvey.
  • Every name was verified against a public trust-centre listing, press release or certification-body register before publishing here.
  • Once the largest providers hold it, procurement treats absence as an anomaly, not a neutral state.
  • Certification is a signal about governance, not about any specific product's safety.
  • This list changes as more organisations certify — treat the dateline seriously.
  • General information, not legal advice. Current as of July 2026.

The public list, verified

The following organisations are publicly verified ISO/IEC 42001 certified as of July 2026:

  • Anthropic — publicly announced.
  • Amazon Web Services (AWS) — publicly announced; AWS was among the earliest large hyperscalers to certify.
  • Snowflake — publicly announced.
  • Salesforce — publicly announced.
  • ServiceNow — publicly announced.
  • CrowdStrike — publicly announced.
  • Harvey — publicly announced; the first widely-cited legal AI provider to certify.

Each name was verified against a public trust-centre listing, press release or certification-body register before publication. Any name that could not be independently verified was dropped rather than included on trust.

Why the largest providers certified early

For hyperscalers and enterprise AI platforms, ISO/IEC 42001 is a low-cost, high-leverage move. The management-system machinery already exists (they hold ISO 27001, 9001 and typically SOC 2). The certificate closes a fast-growing procurement question with a single artefact. And being on the certified list early sets the market's expectation baseline — one their sales teams reference in every enterprise conversation.

What that does to the market

Once buyers know the largest AI providers are certified, the absence of a certificate on a smaller vendor becomes something to explain rather than a neutral state. In practice this means a growing share of vendor questionnaires now ask either 'do you hold ISO/IEC 42001?' or 'when will you?', and 'we're evaluating it' has stopped clearing that gate in a lot of accounts.

What the certificate does — and doesn't — mean

The certificate is an attestation about governance, not about any particular product being safe or lawful. A certified organisation still needs product-level conformity for high-risk EU AI Act systems, still owes a DPIA where personal data is processed at scale, still owes sector-specific evidence where relevant. The certificate is powerful because it answers one commonly-asked question decisively — not because it answers every question.

Keeping the list current

This list will change quickly. The July 2026 dateline reflects the point at which each entry was independently verified. Certified organisations should appear on their own trust centre; the accredited certification body maintains a public register you can cross-check any specific claim against.

Key terms

Trust centre
A dedicated public page on a vendor's site listing certifications, attestations and security documentation.
Certification register
The public list a certification body maintains of the organisations it has certified and their scopes.

References

Related guides

Keep reading on ISO/IEC 42001.

Free check

See where you stand on ISO/IEC 42001, free.

Answer a few questions and get an indicative view of what ISO/IEC 42001 expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
ISO/IEC 42001 · indicative readiness
HAEL FREE TOOLLIVE
Applicability
Applies to your AI use
MAPPED
What's expected
Risk classification · governance · documentation · oversight
4 PILLARS
Where you stand
Banded result · pointed to the gaps that matter most
SOURCED
Result
On-screen, free · optional PDF
FREE
Effort
Pre-scoped to ISO/IEC 42001
~ 5 MIN
INDICATIVE · NOT LEGAL ADVICE